Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-18216

rysnc script /usr/share/doc/rsync/support/rrsync is unsecure

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-9.2.0
    • rsync
    • None
    • None
    • Moderate
    • rhel-sst-cs-net-perf-services
    • ssg_core_services
    • 2
    • False
    • Hide

      None

      Show
      None
    • None
    • Red Hat Enterprise Linux
    • None
    • None
    • None
    • All
    • None

      What were you trying to do that didn't work?

      We are trying to set up an automated rsync over SSH but want to limit the target access

      rsync provides a script in /usr/share/doc/rsync/support/rrsync , however this outdated perl script is not very secure

      There is a more recent alternative based on python3 at https://github.com/WayneD/rsync/blob/master/support/rrsync which prevent users to abuse symlinks to go outside allowed directories

      Please update the script in the rsync package.

              mruprich@redhat.com Michal Ruprich
              marin.javree Jan-Albert van Ree (Inactive)
              Michal Ruprich Michal Ruprich
              Ondrej Mejzlik Ondrej Mejzlik
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: